[squid-users] SSL Virtual Hosting Problem
Amos Jeffries
squid3 at treenet.co.nz
Fri Dec 1 20:34:30 UTC 2023
On 1/12/23 04:55, Mario Theodoridis wrote:
> I do have one more problem at this point.
>
> Using openssl i can work with what i have below, but i cannot add a 2nd
> certificate
>
> https_port 0.0.0.0:443 accel defaultsite=regify.com \
> tls-cert=/etc/ssl/certs/regify.com.pem \
> tls-cert=/etc/ssl/certs/foo.com.pem
>
> gives me
>
> ERROR: OpenSSL does not support multiple server certificates. Ignoring
> addional cert= parameters.
>
>
> If i instead use gnutls, i get dinged for using ssl::server
>
> FATAL: Bungled /etc/squid/squid.conf line 29: acl stest1
> ssl::server_name test1.regify.com
>
> is there a way to get the SNI host with gnutls?
There is , but we have not yet implemented it.
If the HTTPS URL domain is acceptable you can use the dstdomain ACL type
instead as a workaround.
>
> http://www.squid-cache.org/Doc/config/acl/ did not answer that for me.
>
> Alternatively, can i get openssl to cope with multiple certs somehow?
AFAIK, no.
HTH
Amos
More information about the squid-users
mailing list